iTunes fraud

There is another round of fraudulent iTunes Store charges cropping up this holiday season (and psssibly in the wake of new devices from Apple and Microsoft).

My experience was that I deposited a check into my local bank account, and found that the balance (which I ask for most times) was off by about 88 dollars. So I went online when I got home, and found three charges to my debit card from the iTunes Store. First was the usual $1.00 setup charge. Then two more charges.

I have never had any account with Apple, and I don't own any Apple devices. They certainly have never had my debit card number. But Amazon.com, Frys.com, WalMart.com and Windows Secrets all have my card number.

When you make purchases online, most places send confirmation emails, and some of these may contain credit card information. I use Yahoo Web Mail, which has had numerous security issues over the past couple of years. Even though complete credit card numbers are not supposed to be sent in these emails, tracking links sometimes get very close to logging folks into your actual billing accounts.

I don't know from whom nor how exactly the iTunes charges got assigned to my debit card. But the card had to be canceled, and my bank said they wouldn't do anything about the disputed charges from their end for a few days.

Not satisfied, I tried to reach a live person at Apple Customer Care. Not easy. See this post, and at least for now, you will see one trick to get to a live person. Then I got put on a long hold waiting for someone from Apple's Fraud Department. The Fraud Rep. looked into the situation and saw that it appeared that my card information had been compromised to set up the iTunes Account. So much for "improved" iTunes Security since Susan Bradley's report on her experience with iTunes fraud. (Original Story)

Well, once I got Apple on the case, the charges were reversed with all due haste, and I will not have to file any paperwork to get my money back. That's the advantage of using Online Banking -- you can intercept pending fraudulent transactions if you catch them in the act before they clear.

But I will be without my card at the time of the year when I want to do my Christmas shopping. This is the price I'll pay for letting my card information reside in any durable form anywhere online. Believe me, I'll reduce the possibilities of this happening again wherever I can!

I am posting this partly as a warning, and partly to post where and how to reach a Live Person to deal with iTunes fraudulent charges. Anyone with recent experiences with this sort of fraud may post below. Thanks for reading.

This is why I would never use a DEBIT card on the internet, or anywhere for that matter,...there is no protection, e.g. no Law like Credit Cards! Now the credit card I use on the internet gives me a 100% guarantee against fraudulent charges and it doesn't even have an annual fee and gives me a 1.5% rebate on all purchases. I can also check current charges when ever I have an internet connection to nip things in the bud should something go awry and they even call me if they notice something out of the ordinary for my spending habits. It does make a difference which company you use.

What ever happened to the drive toward virtual card numbers? I use them all the time, but does anybody else? Five years ago there were several credit card companies offering that feature, but now it seems there are only two: Citicard and BofA--and BofA only offers it if you'll tie the credit card to a high-balance savings acct with them.

Citicard is the only place online that has my credit card number. For all online purchases I get a virtual number from Citicard that's essentially a one-time-use number. Different online purchases get different virtual numbers. Even if an online vendor tries to keep my credit card number, he only gets the virtual number, which is almost useless because it expires almost immediately.

I'd like to add that I took no losses on this one. But I want folks to know that if they get fraudulent iTunes charges in their statements, there is a way to talk to a live person at Apple, in addition to your card issuer.

I agree that virtual cards would be an improvement. Perhaps someday my bank will see the light on this one.

For those who don't qualify for credit cards, there really isn't much choice as to whether or not to use a debit card. At some sites, my card offers the service which adds a one-time use security code number. But only at participating merchants, and Amazon is not one of these. Obviously, neither is the iTunes Store.

Last year I got a call from American Express asking if I purchased anything from the Apple store. There was a small (less than a dollar) charge on my card. When I said no, they told me it was probably a test purchase to see if the credit card number was valid. They immediately cancelled my card and sent me a new one. I also would never use a debit card for purchases either on the internet or locally.

I have yet to see whether my bank makes me fill out any paperwork, or makes me wait to restore the funds.

The one dollar or less charge from the iTunes Store is indeed a test ping, and is refunded to the account holder after the first purchase. Mine went away, even though the entire account setup was fraudulent.

Again, those who don't qualify for credit cards are stuck with debit cards. I do not know for sure that any online source caused the leakage of my card number.

Another option for those who don't qualify for a normal credit card is a prepaid credit card. This will also help rebuild your credit rating. American Express offers one that come with some of the same consumer protection features as a normal credit card.

The Following User Says Thank You to jwitalka For This Useful Post:

Hadn't thought of that option. That's a real possibility for use online or at unreliable retail stores. Yes, there tend to be extra fees on a prepaid card, but it can be worth it, so as not to expose any larger amount of funds than is necessary to possible fraud.

I got a Case Number from iTunes on the fraud. My own bank took my afadavit. Waiting to see when or whether the funds get restored.

Re Citicard one-time-use credit card number.
I just email citicard and get a reply. Citi has a problem with Virtual Account Number software. They are working furiously to fix it.

I also use one-time-number for any long-period repeatable charges as well, and for those 'hard to cancel' services. With one-time number, they are effectively prevented from continuing charging you even if you have canceled the service.

PayPal is great but it is not universally accepted. Other than that PayPal is my pal.

From my experience explaining the virtues of virtual credit card numbers to others, I have an idea of why they are not used much. They are a pain in the butt.

To make a purchase normally, you just pull out your cc and enter the info. To use a virtual card, you have to open another browser window, log on to your cc bank, find where they've put the virtual cc option, request one, then start blocking, copying, and pasting the numbers from one window to another.

This assumes you understand copy/paste process. You might be surprised how many people don't, or get confused when attempting it.

If you're making several purchases from different sites, this gets old fast.

I've used Citibank's virtual card number feature for years. It's the only card I use online.

There are two options when generating a virtual number.

1) A one-time use virtual number with an open $-amount that expires at end of the next full month. If I generated a number today (11/22) it'd have an expiration date of 12/2012. The card is effectively "expired" after a transaction occurs, although refunds can be posted until the stated expiration.

2) A virtual number for which I enter a maximum $-amount and an expiration date (which can be changed later). In this case (I assume) the virtual number can be used multiple times up to the $-amount and expiration date.

The virtual number in either case has a unique CVV, not the same as the "real" card.

Virtual number generation can be done either via log-in to Citibank's web site, or via a utility that runs local on the computer.